2 // ProtectedData.cs: Protect (encrypt) data without (user involved) key management
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System
.Runtime
.InteropServices
;
33 using System
.Security
.Permissions
;
35 using Mono
.Security
.Cryptography
;
37 namespace System
.Security
.Cryptography
{
40 // a. Windows Data Protection
41 // http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp?frame=true
43 public sealed class ProtectedData
{
// Static-only API surface: the private constructor keeps callers from
// creating instances, so every operation goes through Protect/Unprotect.
private ProtectedData ()
// FIXME [DataProtectionPermission (SecurityAction.Demand, ProtectData = true)]
// Encrypts userData under the given scope, mixing in optionalEntropy when the
// caller supplies one; the output is meant to be reversed by Unprotect called
// with the same scope and entropy. optionalEntropy may be null.
// Throws ArgumentNullException for a null userData, ArgumentException for an
// out-of-range scope (via Check), CryptographicException when the selected
// backend fails, and PlatformNotSupportedException when no backend applies.
public static byte[] Protect (byte[] userData, byte[] optionalEntropy, DataProtectionScope scope)
{
	if (userData == null)
		throw new ArgumentNullException ("userData");

	// validates the scope value and the platform; on Windows this is
	// supported only on Windows 2000 and later
	Check (scope);

	if (impl == DataProtectionImplementation.ManagedProtection) {
		try {
			return ManagedProtection.Protect (userData, optionalEntropy, scope);
		}
		catch (Exception inner) {
			// backend failures are surfaced uniformly as CryptographicException,
			// keeping the original exception as InnerException
			throw new CryptographicException (Locale.GetText ("Data protection failed."), inner);
		}
	}

	if (impl == DataProtectionImplementation.Win32CryptoProtect) {
		try {
			return NativeDapiProtection.Protect (userData, optionalEntropy, scope);
		}
		catch (Exception inner) {
			throw new CryptographicException (Locale.GetText ("Data protection failed."), inner);
		}
	}

	// any other implementation value (e.g. Unsupported) has no backend
	throw new PlatformNotSupportedException ();
}
// FIXME [DataProtectionPermission (SecurityAction.Demand, UnprotectData = true)]
// Decrypts data previously produced by Protect; scope and optionalEntropy
// must match the values used when protecting. optionalEntropy may be null.
// Throws ArgumentNullException for a null encryptedData, ArgumentException
// for an out-of-range scope (via Check), CryptographicException when the
// selected backend fails (including tampered or mismatched input), and
// PlatformNotSupportedException when no backend applies.
public static byte[] Unprotect (byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope)
{
	if (encryptedData == null)
		throw new ArgumentNullException ("encryptedData");

	// validates the scope value and the platform; on Windows this is
	// supported only on Windows 2000 and later
	Check (scope);

	if (impl == DataProtectionImplementation.ManagedProtection) {
		try {
			return ManagedProtection.Unprotect (encryptedData, optionalEntropy, scope);
		}
		catch (Exception inner) {
			// backend failures are surfaced uniformly as CryptographicException,
			// keeping the original exception as InnerException
			throw new CryptographicException (Locale.GetText ("Data unprotection failed."), inner);
		}
	}

	if (impl == DataProtectionImplementation.Win32CryptoProtect) {
		try {
			return NativeDapiProtection.Unprotect (encryptedData, optionalEntropy, scope);
		}
		catch (Exception inner) {
			throw new CryptographicException (Locale.GetText ("Data unprotection failed."), inner);
		}
	}

	// any other implementation value (e.g. Unsupported) has no backend
	throw new PlatformNotSupportedException ();
}
113 enum DataProtectionImplementation
{
117 Unsupported
= Int32
.MinValue
// Backend chosen for the running platform; assigned by Detect () and
// presumably the value Protect/Unprotect/Check dispatch on (their switch
// subjects are not visible here).
private static DataProtectionImplementation impl;
// Selects the data-protection backend for the running platform and stores
// it in impl:
//  - Windows NT family, major version 5 or later (Windows 2000+): the native
//    DPAPI wrapper (Win32CryptoProtect);
//  - Unix: the managed implementation (ManagedProtection);
//  - anything else, including older Windows versions: Unsupported.
private static void Detect ()
{
	OperatingSystem os = Environment.OSVersion;
	DataProtectionImplementation detected = DataProtectionImplementation.Unsupported;

	if (os.Platform == PlatformID.Win32NT) {
		// Windows 2000 (5.0) and later
		if (os.Version.Major >= 5)
			detected = DataProtectionImplementation.Win32CryptoProtect;
	} else if (os.Platform == PlatformID.Unix) {
		detected = DataProtectionImplementation.ManagedProtection;
	}

	impl = detected;
}
144 private static void Check (DataProtectionScope scope
)
146 if ((scope
< DataProtectionScope
.CurrentUser
) || (scope
> DataProtectionScope
.LocalMachine
)) {
147 string msg
= Locale
.GetText ("Invalid enum value '{0}' for '{1}'.",
148 scope
, "DataProtectionScope");
149 throw new ArgumentException (msg
, "scope");
153 case DataProtectionImplementation
.Unknown
:
156 case DataProtectionImplementation
.Unsupported
:
157 throw new PlatformNotSupportedException ();